1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

RM 1.1 Allowing zip files a security risk?

Discussion in 'Resource Manager Support' started by Mr Lucky, Jan 4, 2015.

  1. Mr Lucky

    Mr Lucky Well-Known Member

    If I allow members to attach zip files for download, I get the feeling we could lay ourselves open to malware?

    Is this correct?

    If so is there any kind of safer alternative?

  2. Brogan

    Brogan XenForo Moderator Staff Member

    The contents of a .zip file could be anything.

    Users should always be wary of downloading or opening files they don't trust or can't verify the content of.
  3. Mr Lucky

    Mr Lucky Well-Known Member

    Yes, that's what I thought. But if somebody did somehow up[load something malicious, e.g. a trusted member who suddenly became nasty, then would I, as forum owner, be responsible?

    This kind of implies I/we are safest with a disclaimer on the resource download page.
  4. MattW

    MattW Well-Known Member

    You could always put somthing on the server such as clamav with maldet and have it scan the directories where the files are uploaded.

Share This Page